Hunting alone does NOT protect the network

Hunting alone does NOT protect the network

Just about every single "TIPS" platform I come across solves one problem; getting users into their ecosystem where they can hunt for things in the past. These platforms are designed to FIND breaches, thwarting them seems to be an afterthought, if at-all. I can bring vulnerability data and passive dns data into my view to see that i've been owned, if I figured that out- why can't that logic just go into my network and keep me from getting owned in the first place?

Deploying Threat Intel Platforms, From GitHub.

Deploying Threat Intel Platforms, From GitHub.

The problem wasn't trying to manage and automate the code deployment, as much as it became managing the playbooks that deployed the application(s). We could have kept those playbooks in with the core code, but that's more over-head in the repo and more people touching the core code that didn't need to....

Hunting for suspicious domains with Python and SKLearn

Hunting for suspicious domains with Python and SKLearn

If you treated every suspicious domain as a coin flip, in a normally distributed sample, over time you'd have a 50/50 chance at being right.If you filter out the top 1000 domains from Alexa, you're probably at 70/30, if you weed out domains that have more than 3 dots in them, 75/25, 3 or more hyphens might get you to 80/20 and if the domain is greater than 15 chars, it's probably not worth your time....

Deploying Threat Intelligence Platforms- in 10min or less.

Deploying Threat Intelligence Platforms- in 10min or less.

If you run an open-source project, you have no time to spend on testing deployments- so you AUTOMATE ALL THE THINGS, from testing to install, across as many platforms as you possibly can.. because if you give folks documentation, they will not read it, but if you give them an easybutton- they'll BASH THE HELL OUT OF IT. What you quickly figure out- is how many different ways they'll then want to bend, tweak and scale out your application. This leads to more questions, more answers, more time (did I mention you're not really making any money from this, it's all goodwill...  you learn a lot, but you also lose a lot of time with your family... depending on your situation, maybe good, maybe bad).

Subscribe to our newsletter

Join our newsletter and never miss out on new stories.